package com.baizhi.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Demo controller that applies Apache Shiro authorization to one handler in two ways:
 * declaratively through annotations and programmatically through the current
 * {@link Subject}.
 *
 * @author benben278
 * @create 2022-04-15 19:48
 */
@Controller
@RequestMapping("order")
public class OrderController {

    /**
     * Handles {@code order/save}. Prints whether the current subject holds the
     * {@code admin} role, then redirects to the index page.
     *
     * <p>NOTE(review): the annotations below are evaluated only when Shiro's annotation
     * (AOP) support is enabled in the Spring configuration, which this file does not show.
     * Confirm it is enabled; if it is not, the {@code hasRole} check in the body is the
     * only authorization guard on this handler.
     *
     * <p>NOTE(review): {@code @RequestMapping("save")} does not restrict the HTTP method,
     * so the handler also answers GET. A state-changing operation is usually limited to
     * POST and covered by CSRF protection.
     *
     * @return the redirect view name {@code "redirect:/index.jsp"}, returned on both the
     *         permitted and the denied path
     */
    @RequestMapping("save")
    // Declarative role check: with Shiro's default AND logic the caller must hold
    // BOTH the "admin" and the "user" role.
    @RequiresRoles(value = {"admin", "user"})
    // Declarative permission check against the permission string.
    @RequiresPermissions("user:update:01")
    public String save() {
        // Look up the subject bound to the current request or thread.
        final Subject currentUser = SecurityUtils.getSubject();

        // Programmatic role check. When the annotations above are enforced, "admin" is
        // already guaranteed here and the denied message can never be printed.
        final boolean isAdmin = currentUser.hasRole("admin");
        System.out.println(isAdmin ? "保存订单！" : "无权访问！");

        // The denied path is only logged to stdout; the client receives the same redirect
        // either way, so real save logic must stay inside the admin-only path.
        return "redirect:/index.jsp";
    }
}
